using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace WebApplication1
{
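    /// <summary>
    /// Code-behind for the login page: checks the submitted user name and password
    /// against the userInfo table and, on a match, stores the user name in the
    /// session and redirects to Home.aspx.
    /// </summary>
    public partial class Login : System.Web.UI.Page
    {
        /// <summary>
        /// Page load handler; intentionally empty.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        /// <summary>
        /// Handles the login button click.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// Database errors propagate to the caller unchanged, so the original exception
        /// type and stack trace are preserved for logging.
        /// </remarks>
        protected void login_Click(object sender, EventArgs e)
        {
            string uName = userName.Text;
            string password = Password.Text;

            // NOTE(review): this connection string embeds the 'sa' login and its password in
            // source. Move it to protected configuration and use a least-privilege database
            // account with read access to the one table this page needs; rotate the exposed
            // password. Left unchanged here because the configuration file is not visible.
            string connectionString = "server =LAPTOP-4BDJKOV4; Initial Catalog = UserInfo; User Id = sa ; pwd = qazabc";

            // User input is bound through @name/@password placeholders only. The previous
            // version formatted both values into the SQL text with string.Format, so the
            // SqlParameter objects it also attached were never referenced by the query and
            // the statement was injectable.
            //
            // NOTE(review): the query compares the submitted password with the stored column
            // directly, which implies passwords are stored unhashed - TODO confirm, and
            // migrate to a salted, slow hash (e.g. PBKDF2) verified in application code.
            const string selectSql = "select 1 from userInfo where name = @name and password = @password";

            bool authenticated;

            // using blocks close the connection, command and reader even when an exception
            // is thrown; the original never disposed the command or the reader.
            using (SqlConnection connection = new SqlConnection(connectionString))
            using (SqlCommand command = new SqlCommand(selectSql, connection))
            {
                command.Parameters.Add(new SqlParameter("@name", uName));
                command.Parameters.Add(new SqlParameter("@password", password));

                connection.Open();

                // Execute the query; any returned row means the credentials matched.
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    authenticated = reader.Read();
                }
            }

            if (authenticated)
            {
                // NOTE(review): the session identifier is not renewed at login - consider
                // issuing a fresh session id here to rule out session fixation.
                Session["username"] = uName;

                // Redirect after the database resources are released: Response.Redirect ends
                // the response by aborting the current thread.
                Response.Redirect("Home.aspx");
            }
            else
            {
                Literal1.Text = "用户名或密码错误!";
            }
        }
    }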
}